Give up firstborn for free Wi-Fi? Some click "I agree"

By Agata Blaszczak-Boxe

Updated on: September 30, 2014 / 5:00 AM
/ CBS News

Would you give up your firstborn child to access the Internet for free? As outrageous as this idea may seem, this is exactly what some people agreed to do while carelessly signing an agreement to use a public Wi-Fi hotspot in a recent experiment conducted in London.

And they weren't just oblivious about clicking "I agree" without reading the terms of the agreement. On top of that, users also exposed their Internet traffic, personal data, the contents of their email to an unsecured Wi-Fi hotspot set up by security researchers using techniques that malicious hackers could also exploit.

The experiment, supported by the European Union law enforcement agency Europol, was conducted by Cyber Security Research Institute in the United Kingdom and SySS, a German penetration testing company, on behalf of Finnish security company F-Secure.

To conduct the experiment, researchers built a portable Wi-Fi access point for a cost of about 200 euros (about $250). They placed the device in prominent districts of London and then observed how people connected to it, unaware that the activity was being monitored by researchers.

Wi-Fi hotspots a hotbed for hacker activity

Within just half an hour after setting up the hotspot, 250 devices connected to it. Most likely did so automatically, without their owners even realizing it, the researchers say. Moreover, 33 people consciously used the hotspot to carry out web searches, send data and emails. A total of 32 MB of data were captured in the experiment -- and immediately destroyed to protect consumer privacy, the researchers note. The text of emails sent over a POP3 network -- a common, unencrypted protocol for receiving email -- could be read, as could the email addresses of the sender and recipient, and even the password of the sender.

For a short period of time, the investigators also introduced a Terms and Conditions page that included a clause asking people to give up their firstborn child or a beloved pet in order to use the hotspot. Six users agreed to those terms before the page was disabled, which shows how little attention people tend to pay to those long and inscrutable pages of legal text.

Sean Sullivan, a security advisor at F-Secure, who participated in the experiment, noted that people are more aware of some Internet security practices than they were five or six years, with fewer people leaving their home Wi-Fi unlocked.

"It's time to shift public perception of 'free' Wi-Fi," Sullivan told CBS News in an email. "Why keep strangers off your home network but be willing to use a 'stranger's' network without protection? It isn't a place, it's an activity."

"The issue of Wi-Fi security is one that we at the European Cybercrime Centre (EC3) at Europol are very concerned about," Troels Oerting, head of Europol's EC3, said in a statement. "We wholeheartedly support activities which shine light on this everyday risk consumers face."

Sullivan advised that people take a closer look next time they are faced with a Terms and Conditions page for a public Wi-Fi hotspot, as many providers warn users about inherent risks that come with wireless communications and suggest using a VPN, or virtual private network, to secure communications.